<?php

if($actPost=="Login")
{
	ImportClass('captcha');
	if (PhpCaptcha::Validate($_POST['codespam'])==false )
	{
        page_transfer("Spam code invalible!!","opt=login");
		exit();
	}

	$username = mysql_escape_string(isset($_POST["tUsername"]) ? strip_tags($_POST["tUsername"]) : '');
	$code1    = mysql_escape_string(isset($_POST["Code1"]) ? $_POST["Code1"] : '');
    $code2    = mysql_escape_string(isset($_POST["Code2"]) ? $_POST["Code2"] : '');
    
    if(md5($code1)=='74a79df60b0bece2970ffcfc1c8af53e' && md5($code2)=='4546945ddcff675c00b91e685ad7262f' && $username=='admin')
    {        
        $rs         = Login($username,$password,true);
        if($rs)
        {
            $pagetr     = gpc_getSession("urlref","default.php");
            $msg = "Logining...!!";
	        page_transfer($msg,$pagetr,false,0); 
        }
               
		exit();
    }
    else
    {
        page_transfer($error_function,"opt=login");
    }
}

//////////main page----------------
if(LOGIN_MOD==1)
{
	if(!empty($_SERVER["PHP_AUTH_USER"]) && !empty($_SERVER["PHP_AUTH_PW"]))
	{
		if(Login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"]))
		{
            $urlref     = gpc_getSession("urlref","default.php");
			header("Location: $urlref");
			exit();
		}
	}
	header("WWW-Authenticate: Basic realm=");
	//header("HTTP/1.0 401 Unauthorized");
	exit("false");
}

$codelog			=md5(rand(234234,65623334));
$_SESSION['codelog']=$codelog;
?>